bool CheckType(MethodDef initMethod)
{
if (!initMethod.HasBody)
{
return(false);
}
if (DotNetUtils.FindFieldType(initMethod.DeclaringType, "System.Reflection.Assembly", true) == null)
{
return(false);
}
resolverVersion = CheckSetupMethod(initMethod);
if (resolverVersion == ResolverVersion.None)
{
resolverVersion = CheckSetupMethod(initMethod.DeclaringType.FindStaticConstructor());
}
if (resolverVersion == ResolverVersion.None)
{
return(false);
}
resolverType = initMethod.DeclaringType;
resolverMethod = initMethod;
return(true);
}
bool FindStringDecrypterType(out TypeDef theType, out MethodDef theMethod)
{
theType = null;
theMethod = null;
foreach (var type in module.Types)
{
if (type.IsPublic)
{
continue;
}
if (type.Fields.Count != 1)
{
continue;
}
if (DotNetUtils.FindFieldType(type, "System.Byte[]", true) == null)
{
continue;
}
if (type.Methods.Count != 2 && type.Methods.Count != 3)
{
continue;
}
if (type.NestedTypes.Count > 0)
{
continue;
}
MethodDef method = null;
foreach (var m in type.Methods)
{
if (m.Name == ".ctor" || m.Name == ".cctor")
{
continue;
}
if (DotNetUtils.IsMethod(m, "System.String", "(System.Int32)"))
{
method = m;
continue;
}
break;
}
if (method == null)
{
continue;
}
theType = type;
theMethod = method;
return(true);
}
return(false);
}
protected override bool CheckResolverType(TypeDef type)
{
if (DotNetUtils.FindFieldType(type, "System.Collections.Hashtable", true) != null ||
DotNetUtils.FindFieldType(type, "System.Collections.Generic.Dictionary`2<System.String,System.Reflection.Assembly>", true) != null)
{
return(true);
}
foreach (var field in type.Fields)
{
if (DotNetUtils.DerivesFromDelegate(DotNetUtils.GetType(module, field.FieldType)))
{
continue;
}
if (field.IsLiteral && field.FieldType.ToString() == "System.String")
{
continue;
}
return(false);
}
return(true);
}
MethodDef GetProxyCreateMethod(TypeDef type)
{
if (DotNetUtils.FindFieldType(type, "System.ModuleHandle", true) == null)
{
return(null);
}
if (!type.HasFields)
{
return(null);
}
if (type.Fields.Count > 25)
{
return(null);
}
MethodDef createMethod = null;
foreach (var m in type.Methods)
{
if (m.Name == ".ctor" || m.Name == ".cctor")
{
continue;
}
if (createMethod == null && DotNetUtils.IsMethod(m, "System.Void", "(System.Int32,System.Int32,System.Int32)"))
{
createMethod = m;
}
}
if (createMethod == null || !createMethod.HasBody)
{
return(null);
}
if (!DeobUtils.HasInteger(createMethod, 0xFFFFFF))
{
return(null);
}
return(createMethod);
}
bool CheckType(TypeDef type, MethodDef initMethod, ISimpleDeobfuscator simpleDeobfuscator)
{
if (DotNetUtils.FindFieldType(type, "System.Collections.Hashtable", true) == null)
{
return(false);
}
simpleDeobfuscator.Deobfuscate(initMethod);
if (!CheckInitMethod(initMethod))
{
return(false);
}
if ((asmSeparator = FindAssemblySeparator(initMethod)) == null)
{
return(false);
}
List <AssemblyInfo> newAssemblyInfos = null;
foreach (var s in DotNetUtils.GetCodeStrings(initMethod))
{
newAssemblyInfos = InitializeEmbeddedAssemblies(s);
if (newAssemblyInfos != null)
{
break;
}
}
if (newAssemblyInfos == null)
{
return(false);
}
resolverType = type;
resolverMethod = initMethod;
assemblyInfos = newAssemblyInfos;
return(true);
}
protected override bool CheckResolverType(TypeDef type)
{
return(DotNetUtils.FindFieldType(type, "System.Reflection.Assembly", true) != null);
}
